1) CVE-2020-10802 Description: "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table." Advisory: https://www.phpmyadmin.net/security/PMASA-2020-3/ Patch: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe 2) CVE-2020-10803 Description: "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack." Advisory: https://www.phpmyadmin.net/security/PMASA-2020-4/ Patches: * https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5 * https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a 3) CVE-2020-10804 Description: "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges)." Advisory: https://www.phpmyadmin.net/security/PMASA-2020-2/ Patch: same as 10803
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=2f792e1787303bdb871267f8e9fbf75d7085d893 commit 2f792e1787303bdb871267f8e9fbf75d7085d893 Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> AuthorDate: 2020-03-24 15:05:09 +0000 Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> CommitDate: 2020-03-24 15:05:09 +0000 dev-db/phpmyadmin: Security bump - CVE-2020-{10802,10803,10804} PMASA-2020-{3,4,2} Add 4.9.5 and 5.0.2 releases to address the following security advisories. PMASA-2020-2: SQL injection vulnerability in the user accounts page, particularly when changing a password PMASA-2020-3: SQL injection vulnerability relating to the search feature PMASA-2020-4: SQL injection and XSS having to do with displaying results Bug: https://bugs.gentoo.org/714014 Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> dev-db/phpmyadmin/Manifest | 2 + dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild | 61 +++++++++++++++++++++++++++++++ dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild | 61 +++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a81c2975bff0bf2f8f4dce7c9a98628dd3b9c10d commit a81c2975bff0bf2f8f4dce7c9a98628dd3b9c10d Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> AuthorDate: 2020-03-24 15:22:32 +0000 Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> CommitDate: 2020-03-24 15:22:58 +0000 dev-db/phpmyadmin: Security bump - CVE-2020-{10802,10803,10804}. Add 4.9.5 and 5.0.2 releases to address the following security advisories. CVE-2020-{10802,10803,10804} - PMASA-2020-{3,4,2} PMASA-2020-2: SQL injection vulnerability in the user accounts page, particularly when changing a password PMASA-2020-3: SQL injection vulnerability relating to the search feature PMASA-2020-4: SQL injection and XSS having to do with displaying results Bug: https://bugs.gentoo.org/714014 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> dev-db/phpmyadmin/Manifest | 2 + dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild | 61 +++++++++++++++++++++++++++++++ dev-db/phpmyadmin/phpmyadmin-5.0.2.ebuild | 61 +++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+)
@maintainer(s), please advise if ready for stabilisation, or call yourself.
Vulnerable versions dropped: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a9e195c3ec8bde5b3aa7d13000d04d00e1cdbe7
Apologies for the revert, but I was too quick and dropped the last stable. I've now kept the last stable and dropped the other vulnerable versions. https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-db/phpmyadmin?id=2a9e195c3ec8bde5b3aa7d13000d04d00e1cdbe7 https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-db/phpmyadmin?id=3f6197b0b73bf7182a32ecdb1eec5489fa28601d https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-db/phpmyadmin?id=1148c00d1dee62dd9939df5d9a6a432d623db50a
Arch teams, please add stable keywords. Desired keywords: KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ppc ppc64 sparc x86 ~ppc-macos ~x64-macos ~x86-macos"
amd64 stable
ppc stable
sparc stable
x86 stable
ppc64 stable. Maintainer(s), please cleanup. Security, please vote.
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d702e013bdd2e04a3f78e09c7b198d24b7e8e4ad commit d702e013bdd2e04a3f78e09c7b198d24b7e8e4ad Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> AuthorDate: 2020-04-15 23:55:49 +0000 Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> CommitDate: 2020-04-15 23:56:15 +0000 dev-db/phpmyadmin: Drop vulnerable release. Bug: https://bugs.gentoo.org/714014 Bug: https://bugs.gentoo.org/715660 Bug: https://bugs.gentoo.org/717630 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> dev-db/phpmyadmin/Manifest | 1 - dev-db/phpmyadmin/phpmyadmin-4.9.2.ebuild | 61 ------------------------------- 2 files changed, 62 deletions(-)